@mort
Created April 10, 2014 14:39
SSL is the encryption protocol used to secure communications over the web (HTTP). When that little lock icon appears in your browser's location bar, the HTTP traffic between the browser and the server is being encrypted with so-called public key cryptography, making it unreadable to people sniffing your traffic. Banking transactions, communications and any other sensitive information should be, and these days almost always is, transmitted with HTTP over SSL (HTTPS).
OpenSSL is the most popular library out there for allowing servers and clients to encrypt HTTP with SSL. The Heartbleed bug is a programming flaw in this library (in the library, not in the protocol itself) that allows an attacker to read the system memory of computers using it. That means reading the memory where credentials, financial information and any other kind of sensitive and non-sensitive info is stored. So, attackers could, and with all certainty have, gotten their hands on a lot of stuff they should never have had access to.
So, this vulnerability affects all servers that have been using flawed versions of the OpenSSL library for encryption. Not universal, but pretty damn popular. The current situation is that it is useless (or harmful, even, in a false-security kind of way) to change passwords on servers that haven't yet patched their stack with a new, bug-free version of the library.
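The "programming flaw" is a missing bounds check: a heartbeat request carries a length field saying how many payload bytes to echo back, and the unpatched library trusted that number instead of checking it against how many bytes had actually arrived, so the reply was filled from whatever happened to sit next in memory. The following C model (added here for illustration; it is not OpenSSL's code and does no network I/O, and the record layout, function names and the 16-byte minimum padding are simplified assumptions) puts the trusting version next to the checked version so the difference is visible:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simplified heartbeat record (assumed layout for this example):
   1 byte type, 2-byte big-endian claimed payload length, payload, padding. */
#define HB_REQUEST 1
#define HB_PADDING 16   /* assumed minimum padding that must follow the payload */

/* Pre-fix behaviour: the number of bytes echoed back is whatever the peer
   wrote in the header; the size of the record that really arrived is never
   consulted. In the real library a memcpy of this many bytes followed, reading
   past the end of the record into adjacent heap memory. Returns the copy length. */
long heartbeat_copy_len_vulnerable(const uint8_t *rec, size_t rec_len) {
    (void)rec_len;                      /* the bug: the true length is ignored */
    if (rec[0] != HB_REQUEST) return -1;
    return (long)((rec[1] << 8) | rec[2]);
}

/* Post-fix behaviour: first make sure the record is long enough to hold a
   header at all, then check that type + length field + claimed payload +
   minimum padding fits inside what actually arrived; otherwise discard the
   record. Returns -1 when the record is rejected. */
long heartbeat_copy_len_fixed(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 1 + 2 + HB_PADDING) return -1;          /* no room for a header */
    if (rec[0] != HB_REQUEST) return -1;
    size_t claimed = (size_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + claimed + HB_PADDING > rec_len) return -1; /* claims more than arrived */
    return (long)claimed;
}

/* Build a constructed test record. The claimed length is honest when it equals
   strlen(payload) and malformed when it is larger. Returns the record size. */
size_t build_record(uint8_t *out, uint16_t claimed, const char *payload) {
    size_t plen = strlen(payload);
    out[0] = HB_REQUEST;
    out[1] = (uint8_t)(claimed >> 8);
    out[2] = (uint8_t)(claimed & 0xff);
    memcpy(out + 3, payload, plen);
    memset(out + 3 + plen, 0, HB_PADDING);
    return 3 + plen + HB_PADDING;
}

int main(void) {
    uint8_t rec[64];
    size_t n = build_record(rec, 3, "abc");          /* honest: 3 bytes, claims 3 */
    printf("honest record:   vulnerable=%ld fixed=%ld\n",
           heartbeat_copy_len_vulnerable(rec, n), heartbeat_copy_len_fixed(rec, n));
    n = build_record(rec, 65535, "abc");             /* malformed: 3 bytes, claims 65535 */
    printf("oversized claim: vulnerable=%ld fixed=%ld\n",
           heartbeat_copy_len_vulnerable(rec, n), heartbeat_copy_len_fixed(rec, n));
    return 0;
}
```

The honest record is accepted by both versions; the record that claims 65535 bytes while carrying 3 is still "accepted" by the vulnerable version, which would go on to copy 65535 bytes, whereas the fixed version rejects it outright. The point for a patch decision is that the fix lives entirely in the library's input validation, which is why only updating OpenSSL on the server removes the problem.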
So the best advice would be to check Mashable's checklist and others like it when they crop up, change your password for sites that have already acknowledged and fixed the problem, and wait for and/or urge others that still haven't done it, to get a grip.
My (compromised) €0.02 cents.